Rafa Marin Lopez writes:
> Running EAP is not related to whether you trust the JA or not. You
> can run EAP in standalone mode between the JN and JA and follow the
> same schema you mention. There, the EAP authenticator is the JA. Or
> it can be placed on the JCE.  I think the problem is where you place
> the EAP authenticator (either in the JA or in the JCE). Or, in
> general, what is the entity that really authenticates the JN.

Yep. On the other hand, with IKEv2 you can also use multiple
authentication methods (RFC4739), where you first run authentication
between the JN and JA using raw public keys, and then run a second
authentication using EAP, where the JA forwards the EAP messages to the
JCE, i.e. the EAP authenticator is in the JCE. That will provide a way
to authenticate both JA and JCE to JN, and JN to both JA and JCE.

But that will mean there is around 10 messages instead of 4...

> I personally do not feel too comfortable with the fact that the JN does
> not authenticate the JCE and vice versa. But it is fine with me if
> the WG wants to go that way.

It depends on what your environment is. If the joining process is
happening only once when the network is set up, then running 10
messages during that is not a problem. If it happens every time you
move from one room to another (i.e. your remote controller joins the
6tisch network in the room to control the lights), then doing it
quickly with 4 messages might be better.

> > PANA is already defined to be used in the 802.15.9, but PANA defined
> > in 802.15.9 is used in bootstrapping,
> > i.e. getting LLCs and then you
> > need to still run some operational KMP over 802.15.9 to use those
> > credentials to generate the final keying materials.
> 
> Btw, to avoid any confusion, from your comment it seems that you
> have made a distinction of a solution for bootstrapping and for the
> KMP. EAP over CoAP would be for bootstrapping as well. Thus, are we
> talking about the bootstrapping or the KMP (the security association
> protocol) after the bootstrapping?

As far as I understand, PANA is really for bootstrapping, or at least
that is how the authors of those parts of 802.15.9 defined things.
I.e. PANA does not really create dynamic link keys and negotiate SAs
between devices, nor can it do rekeys etc. Or that is at least what I
have understood. I might of course be misunderstanding what PANA does,
as I have not really looked at it, but currently in 802.15.9 PANA is
defined to be used for bootstrapping and then you need some other KMP
to negotiate link keys and distribute group keys.

I have been talking about the KMP; I just pointed out that PANA is
already defined for 802.15.9, but it is not really a KMP, so in addition
to that you need a real KMP too.

> > I am not a PANA
> > expert, so do not know how it is supposed to work... :-)
> > 
> > CoAP could be run over 802.15.9, but as it is not KMP it cannot be
> > used as KMP for generating keys for 802.15.4…
> 
> It is the EAP over CoAP service that bootstraps the keys.

Which is not a KMP, thus it cannot generate pairwise link keys between
two devices, or distribute different group keys with KeyIndexes,
KeySources etc. to each other.

Bootstrapping is a separate problem, and I think we should concentrate
more on the KMP issue, i.e. how we get the pairwise keys between
device A and B, and how we distribute the group key using KeyIndex
0x02 and KeySource of 0xdcac000000000002 to the joining device.

> > That will be a very simple key management protocol, but it still will
> > be a key management protocol. EAP is an authentication protocol, and
> > how to derive keys from the secret it generates to protect something
> > is KMP.
> 
> The EAP Key Management Framework talks about a (unicast or multicast)
> "security association protocol", and that is the assumption after
> the EAP authentication. So to me EAP is useful to "bootstrap" key
> material. Having said that, it is fine with me to consider everything
> as a KMP. In fact, there was an old draft
> https://tools.ietf.org/html/draft-ohba-6tisch-security-01 with the
> description of several KMPs that can be used in different phases.

Actually EAP only authenticates the endpoints, and certain EAP methods
can also generate keying material. Not all EAP methods are key
generating. On the other hand, using non-key-generating EAP methods is
usually not safe.
-- 
[email protected]
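The distinction drawn in this message, between EAP producing a master key and a separate KMP turning that key into pairwise link keys and distributed group keys identified by KeySource/KeyIndex, as an added toy illustration. This is not code from the thread, from 802.15.9 or from any RFC: the HKDF extract/expand steps follow RFC 5869, but the "toy-kmp" labels, the wrap message format, the addresses, the stand-in MSK and the group key are all constructed for the example.

```python
"""Toy KMP on top of an EAP-style MSK (constructed illustration, not a standard).

EAP (for a key-generating method) leaves both sides with an MSK. It does
not, by itself, give device A and device B a pairwise link key, nor install
a group key under a (KeySource, KeyIndex) identifier. The functions below
show one way a KMP layered on top could do those two jobs.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass, field

HASH = hashlib.sha256
SALT = b"toy-kmp-salt"              # constructed label, not from any spec
LINK_LABEL = b"toy-kmp link key"    # constructed label
WRAP_LABEL = b"toy-kmp group wrap"  # constructed label


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 extract step: PRK = HMAC(salt, IKM)."""
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 expand step: T(n) = HMAC(PRK, T(n-1) || info || n)."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]


def derive_link_key(msk: bytes, addr_a: bytes, addr_b: bytes, key_len: int = 16) -> bytes:
    """Pairwise link key from the MSK; addresses are ordered so both peers agree."""
    lo, hi = sorted((addr_a, addr_b))
    prk = hkdf_extract(SALT, msk)
    return hkdf_expand(prk, LINK_LABEL + lo + hi, key_len)


@dataclass(frozen=True)
class GroupKeyId:
    key_source: bytes  # 8-byte KeySource (constructed value below)
    key_index: int     # KeyIndex, 1..255


@dataclass
class KeyTable:
    """Per-device table the receive path consults by (KeySource, KeyIndex)."""
    keys: dict = field(default_factory=dict)

    def install(self, kid: GroupKeyId, key: bytes) -> None:
        self.keys[kid] = key

    def lookup(self, kid: GroupKeyId):
        return self.keys.get(kid)


def protect_group_key(link_key: bytes, kid: GroupKeyId, group_key: bytes) -> dict:
    """Wrap a group key under the pairwise link key: XOR with an HKDF keystream
    tied to a fresh nonce, then an HMAC tag over identifier, nonce and ciphertext."""
    nonce = os.urandom(12)
    keystream = hkdf_expand(link_key, WRAP_LABEL + nonce, len(group_key))
    ct = bytes(a ^ b for a, b in zip(group_key, keystream))
    aad = kid.key_source + bytes([kid.key_index])
    tag = hmac.new(link_key, aad + nonce + ct, HASH).digest()
    return {"key_source": kid.key_source, "key_index": kid.key_index,
            "nonce": nonce, "ct": ct, "tag": tag}


def install_group_key(link_key: bytes, msg: dict, table: KeyTable) -> bool:
    """Verify the tag first, then unwrap and install; reject silently on mismatch."""
    aad = msg["key_source"] + bytes([msg["key_index"]])
    expected = hmac.new(link_key, aad + msg["nonce"] + msg["ct"], HASH).digest()
    if not hmac.compare_digest(expected, msg["tag"]):
        return False
    keystream = hkdf_expand(link_key, WRAP_LABEL + msg["nonce"], len(msg["ct"]))
    group_key = bytes(a ^ b for a, b in zip(msg["ct"], keystream))
    table.install(GroupKeyId(msg["key_source"], msg["key_index"]), group_key)
    return True


def demo():
    """JA distributes a group key to a JN over their pairwise link key."""
    msk = bytes(range(64))  # constructed stand-in for a 64-byte EAP MSK
    jn = bytes.fromhex("dcac000000000007")  # constructed address
    ja = bytes.fromhex("dcac000000000001")  # constructed address
    k_jn = derive_link_key(msk, jn, ja)
    k_ja = derive_link_key(msk, ja, jn)
    kid = GroupKeyId(bytes.fromhex("dcac000000000002"), 0x02)
    group_key = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed
    msg = protect_group_key(k_ja, kid, group_key)
    table = KeyTable()
    ok = install_group_key(k_jn, msg, table)
    return k_jn == k_ja, ok, table.lookup(kid) == group_key


if __name__ == "__main__":
    print(demo())
```

The point the code makes is the one in the message: nothing here is "EAP". EAP's output is the single `msk` input; every link key, every wrapped group key and the (KeySource, KeyIndex) table are the KMP's job, and a device that only ran EAP would have none of them.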

_______________________________________________
6tisch mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/6tisch
